|Link||package | bugs open | bugs closed | Wiki | GitHub | web search|
|Description||Additional components for OpenJDK - Browser plug-in and Web Start implementation|
It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to...
It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially...
It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject...